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REMARKS / ARGUMENTS 

By way of the above amendments, claims 1, 2, 4-7, 10, 11, 17 and 18 have been amended 
and claims 8, 9, 19 and 20 have been canceled. Claims 1-7 and 10-18 remain in the application. 
Reconsideration of the application is requested. 

Double Patenting Rejections 

The examiner has provisionally rejected Claims 1-20 on the grounds of nonstatutory 
obviousness-type double patenting, as being unpatentable over amend claims 1-35 of copending 
patent application no. 1 1/010,191. The examiner acknowledged that the present claims are not 
identical to those of application no. 11/010,191, but maintains that the claim sets are not 
patentably distinct from each other. As a preliminary matter, the applicant notes that a Notice of 
Allowance has been issued for claim 15-37 of the application no. 11/010,191. In addition, the 
applicant believes that the above amendments, which specify further details of the claimed 
inventions, render the present claims patentably distinct from those of application no. 
11/010,191. Accordingly, the applicant requests reconsideration and withdrawal of the double 
patenting rejection. In the event that the examiner maintains the rejection, the applicant would 
be willing to enter a terminal disclaimer upon a finding of allowable subject matter in the present 
application. 

The examiner has also provisionally rejected Claims 1-20 on the grounds of nonstatutory 
obviousness-type double patenting, as being unpatentable over amend claims 18-39 of copending 
patent application no. 10/264,762. The examiner acknowledged that the present claims are not 
identical to those of application no. 10/264,762, but maintains that the claim sets are not 
patentably distinct from each other. Again, the applicant believes that the above amendments 
render the present claims patentably distinct from those of application no. 10/264,762 and 
therefore requests reconsideration and withdrawal of the double patenting rejection. In the event 
that the examiner maintains the rejection, the applicant would be willing to enter a terminal 
disclaimer upon a finding of allowable subject matter in the present application. 
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Rejections Under 35 U.S.C. $ 102 

The examiner has rejected Claims 1-20 under 35 U.S.C. 102(e) as being anticipated 
by Routhenstein (U.S. Patent 7,195,154). With respect to independent claim 1, examiner 
states that "Routhenstein teaches sending terminal data to a terminal; receiving corollary data 
generated from user input and terminal data from said terminal; sending corollary data and 
HSM data to a hardware security module; receiving a PIN block generated from corollary 
data and HSM data from said hardware security module." With respect to independent claim 
11, examiner states that "Routhenstein teaches a transaction manager; a transaction module 
communicably connected to said transaction manager; a hardware security module 
communicably connected to said transaction manager; wherein said transaction manager 
sends terminal data to said transaction module such that the transaction module generates 
corollary data using said terminal data and user input data and said transaction manager 
sends said corollary data and HSM data to said hardware security module, such that the 
hardware security module generates a PIN block using said corollary data and said HSM 
data." The applicant respectfully disagrees with the examiner's reading of Routhenstein and 
therefore traverses the rejections. In particular, the applicant believes that Routhenstein fails 
to disclose at least the steps of sending corollary data and HSM data to a hardware security 
module and receiving a PIN block generated from corollary data and HSM data from said 
hardware security module, as contemplated by claim 1. The applicant also believes that 
Routhenstein fails to disclose at least a transaction manager and a hardware security module, 
as contemplated by claim 11. 

As further clarified by way of the above amendments, claims 1 and 1 1 recite a method 
and system, respectively, of secure PIN processing in a network transaction between a 
terminal and a merchant server. The merchant server establishes a network connection 
between the terminal and a transaction manager, such that the merchant server is not privy to 
data exchanged between the terminal and the transaction manager. The transaction manager 
generates terminal data and HSM data. The transaction manager sends the terminal data to 
the terminal and the terminal generates corollary data relating to a PIN using the terminal 
data and user input data. The transaction manager then receives the corollary data from the 
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terminal and sends the corollary data and the HSM data to a hardware security module. The 
hardware security module calculates the PIN based on the corollary data and the HSM data, 
encrypts the PIN and generates a PIN block that includes the encrypted PIN. The transaction 
manager then receives the PIN block from said hardware security module, generates a 
transaction request including said PIN block and transmits the transaction request to a 
financial network for authentication of the PIN and the transaction. Accordingly, the method 
and system of claims 1 and 1 1 involve both a transaction manager and a hardware security 
module, which are at least logically separate from the merchant server and the financial 
network. 

As applicant understands, Routhenstein discloses a method for generating a Secure Card 
Number ("SCN") and exchanging a SCN and other identifiers between a first entity (i.e., a 
customer) a second entity (i.e., a merchant) and a money source (i.e., a financial institution) in 
order to authenticate a transaction. An SCN is generated by the customer (i.e., the customer's 
electronic card) and is sent to the merchant. The SCN includes the customer's encrypted PIN. 
The merchant then passes the SCN to the financial institution, which extracts, decrypts and 
validates the PIN. See, generally, Routhenstein at Abstract. Nowhere does Routhenstein 
disclose, teach or suggest the use of a transaction manager or a hardware security module being 
at least logically separate from the merchant or the financial institution. Instead, the merchant is 
directly involved in the transfer of authentication data between the customer and the money 
source. 

Furthermore, Routhenstein teaches that the customer's PIN is generated by the customer 
device (i.e., electronic card), which transmits the PIN to the merchant as part of the SCN. Id. In 
contrast, the customer's PIN is not generated by or transmitted from the terminal according to the 
method of claim 1 or the system of claim 1 1 . Rather, claims 1 and 1 1 specify that the terminal 
generates corollary data related to a PIN and sends the corollary data (not the PIN itself) to the 
transaction manager. The transaction manager sends the corollary data and other data to the 
HSM, which uses such data to calculate the customer's PIN. 

To anticipate a claim, a reference must teach each and every element of the claim, 
either expressly or inherently. See M.P.E.P. § 2131. Based on at least the above-noted 
distinctions, the applicant submits that Routhenstein does not teach each and every element of 
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either independent claim 1 or independent claim 11. Dependent claims 2-7, 10 and 12-18 are 
therefore patentable for at least the reasons noted with regard to claims 1 and 1 1 , and may be 
patentable for additional reasons. Accordingly, the applicant respectfully requests 
reconsideration and allowance of claims 1-7 and 10-18. 



Conclusion 

The foregoing is believed fully responsive to the Office Action dated September 10, 
2007. A request for a 3 -month extension of time for filing this response, together with the fee 
required by 37 C.F.R. 1.17(a)(3), is enclosed. The time for filing this response is thereby 
extended to today, March 10, 2008, and this response is timely filed. The Commissioner is 
hereby authorized to charge any additional fees and credit any refund to Deposit Account No. 
11-0855. 

Respectfully submitted: 

/michael pavento/ 
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